There is a community supported Logstash input plugin for Salesforce. It is not installed by default, but you can use the plugin command to add it. The command is slightly different depending on the version of Logstash that you are using:

Logstash version 2.2:

cd /opt/logstash

bin/plugin install logstash-input-salesforce

Logstash version 2.3:

cd /opt/logstash

bin/logstash-plugin install logstash-input-salesforce

To configure the plugin to use the credentials from Salesforce, create a file located at /etc/logstash/conf.d/salesforce.conf like:

Both the commands and the configuration file should be run/edited on your server running Logstash. If you need more information on initially setting up and running the the ELK stack, check out this tutorial:

In this tutorial, we will go over the installation of the Elasticsearch ELK Stack on Ubuntu 14.04—that is, Elasticsearch 2.2.x, Logstash 2.2.x, and Kibana 4.4.x. We will also show you how to configure it to gather and visualize the syslogs of your systems in a centralized location, using Filebeat 1.0.x. Logstash is an open source tool for collecting, parsing, and storing logs for future use. Kibana 4 is a web interface that can be used to search and view the logs that Logstash has indexed.

At present am using windows machine and trying to configure for salesforce but in windows etc folder wont be there do we have to create same structure as defined there and configure for salesforce.. and how it gets interact with salesforce connected app.